Cybersecurity is a hot topic for a good reason: the number of cyber crimes continues to trend upward while the attacks themselves are becoming more sophisticated.
Attackers are also targeting a wide variety of businesses and organizations, including small businesses that lack sophisticated measures to prevent attacks.
Alongside investing in added security measures, educating yourself is one of the best ways you can protect yourself and your business. You don’t need to be an expert and understand all of the technicalities of cybersecurity. But having a baseline understanding of these common terms will help you better navigate the world of cyber crimes and the tools you have available to prevent them.
Authentication
Authentication is the process of verifying the identity of a user on a device. A username and password is the most common method of authentication. Multi-factor authentication, which requires additional verification steps such as entering a passcode sent to your phone or email, is growing in popularity for the added level of security.
Important Number to Know:
Multi-factor authentication is a superior form of protection, blocking 100% of automated attack attempts, according to a Google study with New York University and the University of California-San Diego.
Botnet
A botnet is a group of connected malware-infected devices, like cell phones. A cyber criminal uses these devices to orchestrate a larger attack, such as a Distributed Denial of Service (DDoS) attack (see definition below). Individuals are typically unaware their phone is infected with the malware, making them victims in the attack as well.
Important Number to Know:
2021 has seen more than a 100% increase in attacks on smart devices, with more than 1.5 billion attacks in the first six months of the year alone.
Distributed Denial of Service (DDoS)
During a DDoS attack, multiple machines work together to instigate an attack on one target. Botnets are frequently used to enact these types of attacks, flooding the target (a website) with requests that can slow it down or, even worse, cause it to crash.
Important Number to Know:
Forbes reports that the average DDoS attack costs a small business around $120,000.
Data
When we refer to data in the cybersecurity space, we’re typically referring to anything that has a value to your organization and is used or accessed digitally. This includes work files first and foremost, but also things like private employee and client information, processes, structures, and other assets of value to your business.
Important Number to Know:
According to the Varonis Global Data Risk report, only 5% of companies and organizations have established proper permissions and protections on all folders.
Data Breach
Data breaches are a common cyber attack on businesses and organizations and involve an attacker reviewing, stealing, and/or publishing sensitive data. All businesses need precautions to prevent data breaches, but it’s especially important if you handle and store customer data like credit card numbers.
Important Number to Know:
143 million people were exposed in the Equifax data breach in 2017, an event that could have been prevented by a software update.
Disruption
When an app, server, or network goes down unplanned, this is a disruption. Disruptions cause interruptions in functionality, which for a business can translate into lost productivity and income, and are considered one of the biggest risks of cybersecurity threats.
Important Number to Know:
A malware attack can cost a business, on average, 50 days of lost time.
Malware
Malware is a malicious form of software used to compromise a device and perform unauthorized tasks like stealing data, corrupting files, and recording passwords. Malware is often downloaded without the individual knowing, through innocent-looking links or files.
Important Number to Know:
According to Help Net Security, malware threats increased over 300% in 2020 alone.
Phishing
If you’ve ever received an email from a European millionaire’s lawyer wanting to get your bank account number to deposit money, you’ve received a phishing scam.
Phishing is the most common threat out there, especially for small businesses and organizations, and phishing attempts are only becoming more sophisticated. Emails might look like they come from a legitimate source, including a trusted vendor or bank, and request that you provide sensitive information or payment. Be hypervigilant and scrutinize any unexpected emails.
Important Number to Know:
Emails aren’t the only phishing threat. Websites designed to mimic legitimate sites account for around 3% of phishing threats. At the start of January 2021, Google had already identified 2,145,013 phishing sites.
Ransomware
Ransomware is a significant threat that is increasingly targeting small businesses and organizations. This form of malware encrypts files so they’re inaccessible and unusable. The files are then held for ransom by an attacker who demands payment to decrypt them.
Important Number to Know:
In 2020, an organization became a victim of a ransomware event every 10 seconds.
Trojan Horse
A Trojan horse is a form of malware that looks like functional software or a legitimate file but is designed to perform malicious functions. Trojan horses are often sent as an attachment to a legitimate-looking email. Once the user activates it (downloads it, opens the file, etc.), it performs its designed function and can spread to other files and applications, stealing sensitive data, creating a disruption, or performing some other type of damaging action.
Important Number to Know:
Trojan horses account for about 58% of all malware.
Virtual Private Network (VPN)
A VPN allows you to create a private and secure connection to the internet. VPNs provide encryption, making it hard for cyber criminals to spy on your normal web habits (reading emails, logging in to bank accounts, etc.) and access sensitive data.
For businesses, VPNs allow employees to remotely access in-house servers so they can securely complete work tasks. If your office has a BYOD (bring your own device) policy, a VPN can be critical for protecting your data.
Important Number to Know:
Approximately 74% of companies see requiring a VPN as an important measure of security for remote workers.
If cybersecurity feels overwhelming to you, you’re not alone! The AxiaTP team is here to help you navigate the complex world of keeping your business and team safe.